accountrequiredpam_nologin.soaccountincludepassword-authpasswordincludepassword-auth# pam_selinux.so close should be the first session rulesessionrequiredpam_selinux.so closesessionrequiredpam_loginuid.so# pam_selinux.so open should only be followed by sessions to
be executed in the user contextsessionrequiredpam_selinux.so open
env_paramssessionoptionalpam_keyinit.so force
revokesessionincludepassword-auth